|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2020-02-01 19:42 UTC] stas@php.net
-Type: Security
+Type: Bug
-Package: CGI/CLI related
+Package: Scripting Engine problem
[2020-02-04 14:06 UTC] nikic@php.net
-Summary: Stackoverflow in cli/php
+Summary: Stackoverflow with header callback
[2020-02-04 14:06 UTC] nikic@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 03 11:01:30 2025 UTC |
Description: ------------ The following test script triggers stack overflow in the latest code of php(PHP 8.0.0-dev (cli) (built: Jan 28 2020 14:15:44) ( NTS )). The crash locations varies each time we run it. Run the script with "php -f poc.php", and with asan we got: === ==121897==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd2563ae68 (pc 0x00000123867a bp 0x7ffd2563de60 sp 0x7ffd2563ae60 T0) #0 0x1238679 in execute_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x1238679) #1 0xdf5a2f in zend_call_function (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf5a2f) #2 0x91a287 in zif_spl_autoload_call (/home/rxz226/php-src/bld_asan/sapi/cli/php+0x91a287) #3 0xdf5c7d in zend_call_function (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf5c7d) #4 0xdf7f71 in zend_lookup_class_ex (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdf7f71) #5 0xdfa8dd in zend_fetch_class_by_name (/home/rxz226/php-src/bld_asan/sapi/cli/php+0xdfa8dd) ... === Test script: --------------- <? spl_autoload_register ( function () { header_register_callback ( function () { new a ; } ) ; } ) ; class a implements b { }